summaryrefslogtreecommitdiff
path: root/lib/escape.c
Commit message (Collapse)AuthorAgeFilesLines
* Improve code readbilitySylvestre Ledru2017-03-131-3/+1
| | | | | | ... by removing the else branch after a return, break or continue. Closes #1310
* checksrc: stricter no-space-before-paren enforcementDaniel Stenberg2016-12-131-1/+1
| | | | In order to make the code style more uniform everywhere
* realloc: use Curl_saferealloc to avoid common mistakesDaniel Stenberg2016-11-111-4/+3
| | | | Discussed: https://curl.haxx.se/mail/lib-2016-11/0087.html
* unescape: avoid integer overflowDaniel Stenberg2016-10-311-2/+8
| | | | | | | CVE-2016-8622 Bug: https://curl.haxx.se/docs/adv_20161102H.html Reported-by: Cure53
* curl_easy_unescape: deny negative string lengths as inputDaniel Stenberg2016-09-141-8/+10
| | | | | | CVE-2016-7167 Bug: https://curl.haxx.se/docs/adv_20160914.html
* curl_easy_escape: deny negative string lengths as inputDaniel Stenberg2016-09-141-2/+8
| | | | | | CVE-2016-7167 Bug: https://curl.haxx.se/docs/adv_20160914.html
* typedefs: use the full structs in internal code...Daniel Stenberg2016-06-221-5/+6
| | | | ... and save the typedef'ed names for headers and external APIs.
* internals: rename the SessionHandle struct to Curl_easyDaniel Stenberg2016-06-221-1/+1
|
* lib: include curl_printf.h as one of the last headersDaniel Stenberg2016-04-291-2/+1
| | | | | | | | | | | | | | | | | | | | curl_printf.h defines printf to curl_mprintf, etc. This can cause problems with external headers which may use __attribute__((format(printf, ...))) markers etc. To avoid that they cause problems with system includes, we include curl_printf.h after any system headers. That makes the three last headers to always be, and we keep them in this order: curl_printf.h curl_memory.h memdebug.h None of them include system headers, they all do funny #defines. Reported-by: David Benjamin Fixes #743
* code: style updatesDaniel Stenberg2016-04-031-2/+2
|
* URLs: change more http to httpsViktor Szakats2016-02-041-1/+1
|
* URLs: change all http:// URLs to https://Daniel Stenberg2016-02-031-1/+1
|
* curl_memory: make curl_memory.h the second-last header file loadedDan Fandrich2015-03-241-2/+2
| | | | | | | This header file must be included after all header files except memdebug.h, as it does similar memory function redefinitions and can be similarly affected by conflicting definitions in system or dependent library headers.
* Bug #149: Deletion of unnecessary checks before calls of the function "free"Markus Elfring2015-03-161-2/+1
| | | | | | | | | | | The function "free" is documented in the way that no action shall occur for a passed null pointer. It is therefore not needed that a function caller repeats a corresponding check. http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first This issue was fixed by using the software Coccinelle 1.0.0-rc24. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
* mprintf.h: remove #ifdef CURLDEBUGDaniel Stenberg2015-03-031-4/+2
| | | | | ... and as a consequence, introduce curl_printf.h with that re-define magic instead and make all libcurl code use that instead.
* code cleanup: We prefer 'CURLcode result'Steve Holme2014-10-281-7/+8
|
* Curl_urldecode: don't allow NULL as receiverDaniel Stenberg2014-02-131-4/+3
| | | | | | | | | | | | | For a function that returns a decoded version of a string, it seems really strange to allow a NULL pointer to get passed in which then prevents the decoded data from being returned! This functionality was not documented anywhere either. If anyone would use it that way, that memory would've been leaked. Bug: https://github.com/bagder/curl/pull/90 Reported-by: Arvid Norberg
* Curl_urldecode: no peeking beyond end of input bufferDaniel Stenberg2013-06-221-2/+3
| | | | | | | | | | | | | | | | Security problem: CVE-2013-2174 If a program would give a string like "%FF" to curl_easy_unescape() but ask for it to decode only the first byte, it would still parse and decode the full hex sequence. The function then not only read beyond the allowed buffer but it would also deduct the *unsigned* counter variable for how many more bytes there's left to read in the buffer by two, making the counter wrap. Continuing this, the function would go on reading beyond the buffer and soon writing beyond the allocated target buffer... Bug: http://curl.haxx.se/docs/adv_20130622.html Reported-by: Timo Sirainen
* build: fix circular header inclusion with other packagesYang Tse2013-01-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h. Removes the need and usage of a header inclusion guard foreign to libcurl. [1] Removes the need and presence of an alarming notice we carried in old setup_once.h [2] ---------------------------------------- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once. Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl. 2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync. Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed. All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.
* Revert changes relative to lib/*.[ch] recent renamingYang Tse2013-01-061-0/+233
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
* build: rename 93 lib/*.c filesYang Tse2013-01-031-233/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 93 lib/*.c source files renamed to use our standard naming scheme. This commit only does the file renaming. ---------------------------------------- renamed: lib/amigaos.c -> lib/curl_amigaos.c renamed: lib/asyn-ares.c -> lib/curl_asyn_ares.c renamed: lib/asyn-thread.c -> lib/curl_asyn_thread.c renamed: lib/axtls.c -> lib/curl_axtls.c renamed: lib/base64.c -> lib/curl_base64.c renamed: lib/bundles.c -> lib/curl_bundles.c renamed: lib/conncache.c -> lib/curl_conncache.c renamed: lib/connect.c -> lib/curl_connect.c renamed: lib/content_encoding.c -> lib/curl_content_encoding.c renamed: lib/cookie.c -> lib/curl_cookie.c renamed: lib/cyassl.c -> lib/curl_cyassl.c renamed: lib/dict.c -> lib/curl_dict.c renamed: lib/easy.c -> lib/curl_easy.c renamed: lib/escape.c -> lib/curl_escape.c renamed: lib/file.c -> lib/curl_file.c renamed: lib/fileinfo.c -> lib/curl_fileinfo.c renamed: lib/formdata.c -> lib/curl_formdata.c renamed: lib/ftp.c -> lib/curl_ftp.c renamed: lib/ftplistparser.c -> lib/curl_ftplistparser.c renamed: lib/getenv.c -> lib/curl_getenv.c renamed: lib/getinfo.c -> lib/curl_getinfo.c renamed: lib/gopher.c -> lib/curl_gopher.c renamed: lib/gtls.c -> lib/curl_gtls.c renamed: lib/hash.c -> lib/curl_hash.c renamed: lib/hmac.c -> lib/curl_hmac.c renamed: lib/hostasyn.c -> lib/curl_hostasyn.c renamed: lib/hostcheck.c -> lib/curl_hostcheck.c renamed: lib/hostip.c -> lib/curl_hostip.c renamed: lib/hostip4.c -> lib/curl_hostip4.c renamed: lib/hostip6.c -> lib/curl_hostip6.c renamed: lib/hostsyn.c -> lib/curl_hostsyn.c renamed: lib/http.c -> lib/curl_http.c renamed: lib/http_chunks.c -> lib/curl_http_chunks.c renamed: lib/http_digest.c -> lib/curl_http_digest.c renamed: lib/http_negotiate.c -> lib/curl_http_negotiate.c renamed: lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c renamed: lib/http_proxy.c -> lib/curl_http_proxy.c renamed: lib/idn_win32.c -> lib/curl_idn_win32.c renamed: lib/if2ip.c -> lib/curl_if2ip.c renamed: lib/imap.c -> lib/curl_imap.c renamed: lib/inet_ntop.c -> lib/curl_inet_ntop.c renamed: lib/inet_pton.c -> lib/curl_inet_pton.c renamed: lib/krb4.c -> lib/curl_krb4.c renamed: lib/krb5.c -> lib/curl_krb5.c renamed: lib/ldap.c -> lib/curl_ldap.c renamed: lib/llist.c -> lib/curl_llist.c renamed: lib/md4.c -> lib/curl_md4.c renamed: lib/md5.c -> lib/curl_md5.c renamed: lib/memdebug.c -> lib/curl_memdebug.c renamed: lib/mprintf.c -> lib/curl_mprintf.c renamed: lib/multi.c -> lib/curl_multi.c renamed: lib/netrc.c -> lib/curl_netrc.c renamed: lib/non-ascii.c -> lib/curl_non_ascii.c renamed: lib/curl_non-ascii.h -> lib/curl_non_ascii.h renamed: lib/nonblock.c -> lib/curl_nonblock.c renamed: lib/nss.c -> lib/curl_nss.c renamed: lib/nwlib.c -> lib/curl_nwlib.c renamed: lib/nwos.c -> lib/curl_nwos.c renamed: lib/openldap.c -> lib/curl_openldap.c renamed: lib/parsedate.c -> lib/curl_parsedate.c renamed: lib/pingpong.c -> lib/curl_pingpong.c renamed: lib/polarssl.c -> lib/curl_polarssl.c renamed: lib/pop3.c -> lib/curl_pop3.c renamed: lib/progress.c -> lib/curl_progress.c renamed: lib/qssl.c -> lib/curl_qssl.c renamed: lib/rawstr.c -> lib/curl_rawstr.c renamed: lib/rtsp.c -> lib/curl_rtsp.c renamed: lib/security.c -> lib/curl_security.c renamed: lib/select.c -> lib/curl_select.c renamed: lib/sendf.c -> lib/curl_sendf.c renamed: lib/share.c -> lib/curl_share.c renamed: lib/slist.c -> lib/curl_slist.c renamed: lib/smtp.c -> lib/curl_smtp.c renamed: lib/socks.c -> lib/curl_socks.c renamed: lib/socks_gssapi.c -> lib/curl_socks_gssapi.c renamed: lib/socks_sspi.c -> lib/curl_socks_sspi.c renamed: lib/speedcheck.c -> lib/curl_speedcheck.c renamed: lib/splay.c -> lib/curl_splay.c renamed: lib/ssh.c -> lib/curl_ssh.c renamed: lib/sslgen.c -> lib/curl_sslgen.c renamed: lib/ssluse.c -> lib/curl_ssluse.c renamed: lib/strdup.c -> lib/curl_strdup.c renamed: lib/strequal.c -> lib/curl_strequal.c renamed: lib/strerror.c -> lib/curl_strerror.c renamed: lib/strtok.c -> lib/curl_strtok.c renamed: lib/strtoofft.c -> lib/curl_strtoofft.c renamed: lib/telnet.c -> lib/curl_telnet.c renamed: lib/tftp.c -> lib/curl_tftp.c renamed: lib/timeval.c -> lib/curl_timeval.c renamed: lib/transfer.c -> lib/curl_transfer.c renamed: lib/url.c -> lib/curl_url.c renamed: lib/version.c -> lib/curl_version.c renamed: lib/warnless.c -> lib/curl_warnless.c renamed: lib/wildcard.c -> lib/curl_wildcard.c ----------------------------------------
* build: make use of 93 lib/*.c renamed filesYang Tse2013-01-031-2/+2
| | | | | | 93 *.c source files renamed to use our standard naming scheme. This change affects 77 files in libcurl's source tree.
* build: make use of 76 lib/*.h renamed filesYang Tse2012-12-281-6/+6
| | | | | | 76 private header files renamed to use our standard naming scheme. This change affects 322 files in libcurl's source tree.
* URL sanitize: reject URLs containing bad dataDaniel Stenberg2012-01-241-13/+50
| | | | | | | | | | | | | | | | | | | Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
* stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.hYang Tse2011-07-261-4/+1
|
* compiler warning: fixYang Tse2011-05-231-2/+6
| | | | Fix compiler warning: expression has no effect
* source cleanup: unify look, style and indent levelsDaniel Stenberg2011-04-271-2/+1
| | | | | By the use of a the new lib/checksrc.pl script that checks that our basic source style rules are followed.
* CURL_DOES_CONVERSIONS: cleanupDaniel Stenberg2011-04-201-22/+5
| | | | | Massively reduce #ifdefs all over (23 #ifdef lines less so far) Moved conversion-specific code to non-ascii.c
* curl_easy_escape: don't escape "unreserved" charactersDaniel Stenberg2010-09-281-3/+6
| | | | | | | | According to RFC3986 section 2.3 the letters -, ., _ and ~ should not be percent-encoded. Reported by: Miguel Diaz Bug: http://curl.haxx.se/mail/lib-2010-09/0227.html
* remove the CVSish $Id$ linesDaniel Stenberg2010-03-241-1/+0
|
* fix compiler warningYang Tse2010-02-241-3/+4
|
* wrap long lines and do some indent policingDaniel Stenberg2010-01-221-2/+3
|
* libcurl's memory.h renamed to curl_memory.hYang Tse2009-04-211-2/+2
|
* Added const to some pointer variablesDan Fandrich2008-10-081-0/+6
|
* Factored out Curl_isalnumDan Fandrich2008-09-091-20/+27
|
* if () => if()Daniel Stenberg2007-11-071-2/+2
| | | | | while () => while() and some other minor re-indentings
* Alex Fishman reported a curl_easy_escape() problem that was made theDaniel Stenberg2007-09-301-2/+2
| | | | | | function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a signed / unsigned mistake in the code. I fixed it and added test case 543 to verify.
* Fixed some minor mismatched types found by splint.Dan Fandrich2007-08-261-1/+1
|
* Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work onDaniel Stenberg2007-08-041-7/+22
| | | | non-ASCII systems.
* Avoid typecasting a signed char to an int when using is*() functions, as thatDaniel Stenberg2006-10-171-5/+1
| | | | | | | | | could very well cause a negate number get passed in and thus cause reading outside of the array usually used for this purpose. We avoid this by using the uppercase macro versions introduced just now that does some extra crazy typecasts to avoid byte codes > 127 to cause negative int values.
* First commit of David McCreedy's EBCDIC and TPF changes.Daniel Stenberg2006-04-071-2/+52
|
* Variable type cleanups to please the picky MIPSPro compiler.Daniel Stenberg2004-07-011-2/+3
|
* include header for our printfsDaniel Stenberg2004-06-241-9/+12
|
* Replaced all uses of sprintf() with the safer snprintf(). It is just aDaniel Stenberg2004-06-241-1/+1
| | | | precaution to prevent mistakes to lead to buffer overflows.
* curl_free() doesn't free(NULL) but just returnsDaniel Stenberg2004-05-131-1/+2
|
* return NULL on out of memoryDaniel Stenberg2004-05-121-3/+6
|
* curl_global_init_mem() allows the memory functions to be replaced.Daniel Stenberg2004-05-111-2/+1
| | | | memory.h is included everywhere for this.
* size_t/int/long fixesDaniel Stenberg2004-03-081-4/+4
|
* Dan Fandrich's cleanup patch to make pedantic compiler options cause lessDaniel Stenberg2004-01-291-8/+8
| | | | warnings. Minor edits by me.
* updated year in the copyright stringDaniel Stenberg2004-01-071-1/+1
|
View Lorry Controller Status